CVE-2010-1639 — Clamav vulnerability

7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

4.9%

top 10.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav

Timeline

PublishedMay 26

Latest updateMay 17

Description

The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/clamav< clamav 0.96.1+dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.96.1+dfsg-1+3

▶NVDclamav/clamav0.96+75

Patches

Patch: wwws.clamav.net ↗Patch: wwws.clamav.net ↗

🔴Vulnerability Details

GHSA

GHSA-wpfp-x7v8-4gqm: The cli_pdf function in libclamav/pdf↗2022-05-17

▶

OSV

CVE-2010-1639: The cli_pdf function in libclamav/pdf↗2010-05-26

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerabilities↗2010-05-27

▶

Debian

CVE-2010-1639: clamav - The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote at...↗2010

▶

💬Community

Bugzilla

CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s) [epel-all]↗2011-01-04

▶

Bugzilla

CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s)↗2010-05-24

▶